A critical vulnerability has been identified in multiple Geutebruck camera products, allowing an unauthenticated attacker to execute arbitrary commands on the underlying database. This flaw, an SQL Injection, can be exploited remotely without any user credentials, potentially leading to a complete compromise of the affected camera systems, including data theft and system manipulation. Due to its high severity and ease of exploitation, immediate remediation is strongly advised.

The vulnerability is an unauthenticated SQL Injection located in the /uapi-cgi/viewer/Param.cgi script. An attacker can send a specially crafted HTTP request to this endpoint, injecting malicious SQL commands into the Group parameter. Because the application fails to properly sanitize this user-supplied input before using it in a database query, the attacker's commands are executed by the database server, allowing for unauthorized data access, modification, or deletion, and potentially leading to remote code execution on the device.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have severe consequences for the organization, including the exfiltration of sensitive video feeds, camera configuration data, and credentials stored in the database. An attacker could manipulate or delete video evidence, disable cameras to facilitate a physical breach, or use the compromised device as a pivot point to launch further attacks against the internal network. The potential business impact includes loss of confidentiality, integrity, and availability of critical security infrastructure, reputational damage, and regulatory non-compliance.

Immediate Action: Immediately apply the latest security updates and firmware versions provided by Geutebruck to all affected devices. Prioritize patching for cameras that are accessible from the internet or located in critical security areas. After patching, review access logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Monitor web server and application logs for anomalous requests to the /uapi-cgi/viewer/Param.cgi script. Specifically, look for requests where the Group parameter contains SQL keywords (e.g., SELECT, UNION, ', --, OR 1=1) or other suspicious syntax. Monitor for unusual outbound network traffic originating from the cameras, which could indicate data exfiltration or command-and-control communication.

Compensating Controls: If immediate patching is not feasible, implement the following controls:

• Restrict network access to the camera's web interface using a firewall, allowing connections only from trusted management IP addresses.
• Segment the camera network by placing devices on a dedicated VLAN with strict access control lists (ACLs) to limit communication with other corporate network assets.
• Deploy a Web Application Firewall (WAF) with rules designed to detect and block SQL Injection attacks targeting the vulnerable script.

Public Exploit Available: false

Due to the critical severity (CVSS 9.8) and the fact that this vulnerability can be exploited by an unauthenticated attacker, it poses a significant and immediate risk to the organization. We strongly recommend that the vendor-supplied patches be applied to all affected Geutebruck devices as a top priority. If patching cannot be performed immediately, the compensating controls outlined above must be implemented without delay to reduce the attack surface and mitigate the risk of compromise.